RES: RES: password policy user configuration
Hi Scott,
Thanks for your tip. It helped me to clarify my ideas, and following Jarbas'
tip, I could fix my bug and solve my problem.
Thank you very much
---
Gustavo Mendes de Carvalho
email: gmcarvalho@gmail.com
-----Original Message-----
From: Scott Classen [mailto:sclassen@lbl.gov]
Sent: Saturday, May 10, 2008 12:05
To: Gustavo Mendes de Carvalho
Cc: openldap-technical@openldap.org
Subject: Re: RES: password policy user configuration
I think you need to have a separate container for holding your pwdPolicy.
You do not store that information in your user entry.
On May 10, 2008, at 7:20 AM, Gustavo Mendes de Carvalho wrote:
>
> User definition
> dn: uid=test,ou=orgunit,o=org
> objectClass: posixAccount
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: shadowAccount
> objectClass: person
> objectClass: pwdPolicy
> loginShell: /bin/bash
> givenName: test
> sn: test-test
> displayName: test test-test
> uid: test
> homeDirectory: /home/test
> shadowFlag: 0
> shadowMax: 35
> shadowWarning: 7
> shadowInactive: 99999
> shadowExpire: 99999
> cn: test test-test
> uidNumber: 12190
> gidNumber: 25023
> shadowMin: 10
> pwdAttribute: userPassword
All the stuff below should be put in
cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
then you put an entry in your user account as such:
pwdPolicy: cn=mypasswdpolicy,cn=Policies,dc=example,dc=com
>
> pwdMinAge: 30
> pwdMaxAge: 120
> pwdInHistory: 3
> pwdMinLength: 8
> pwdExpireWarning: 60
> pwdLockout: TRUE
> pwdLockoutDuration: 60
> pwdMaxFailure: 2
> pwdSafeModify: TRUE
> shadowLastChange: 14006
> pwdMustChange: FALSE
> userPassword: {SSHA}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>
I hope that helps,
Scott
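
The separation described in this thread, as an added example that is not part of the original messages: a small Python script that takes a user entry with policy settings mixed in and emits a standalone policy entry plus a cleaned user entry. Assumptions: the `device` structural class for the policy entry, and `pwdPolicySubentry` as the linking attribute (the name documented in slapo-ppolicy(5), not taken from the thread); the sample LDIF is constructed.

```python
# Added example (not from the thread): move pwdPolicy settings out of a user entry.
POLICY_DN = "cn=mypasswdpolicy,cn=Policies,dc=example,dc=com"  # DN named in the thread
POLICY_ATTRS = {  # policy attributes seen in the quoted entry, lower-cased
    "pwdattribute", "pwdminage", "pwdmaxage", "pwdinhistory", "pwdminlength",
    "pwdexpirewarning", "pwdlockout", "pwdlockoutduration", "pwdmaxfailure",
    "pwdsafemodify", "pwdmustchange",
}
# Constructed sample, abbreviated from the entry quoted in the thread.
SAMPLE = """\
dn: uid=test,ou=orgunit,o=org
objectClass: posixAccount
objectClass: pwdPolicy
uid: test
cn: test test-test
shadowMax: 35
pwdAttribute: userPassword
pwdMinAge: 30
pwdMaxFailure: 2
"""

def parse_entry(ldif):
    """Parse one simple LDIF entry (no folded or base64 lines) into (attr, value) pairs."""
    pairs = []
    for line in ldif.splitlines():
        if line.strip() and not line.startswith("#"):
            attr, _, value = line.partition(":")
            pairs.append((attr.strip(), value.strip()))
    return pairs

def split_policy(ldif, policy_dn=POLICY_DN):
    """Return (user_pairs, policy_pairs) with the policy settings in their own entry."""
    rdn_value = policy_dn.split(",")[0].split("=", 1)[1]
    # Assumption: 'device' supplies the structural class; pwdPolicy is auxiliary.
    policy = [("dn", policy_dn), ("objectClass", "device"),
              ("objectClass", "pwdPolicy"), ("cn", rdn_value)]
    user = []
    for attr, value in parse_entry(ldif):
        if attr.lower() in POLICY_ATTRS:
            policy.append((attr, value))
        elif (attr.lower(), value.lower()) != ("objectclass", "pwdpolicy"):
            user.append((attr, value))
    # Assumption: link attribute name per slapo-ppolicy(5), not taken from the thread.
    user.append(("pwdPolicySubentry", policy_dn))
    return user, policy

def to_ldif(pairs):
    return "\n".join(f"{a}: {v}" for a, v in pairs) + "\n"

if __name__ == "__main__":
    print(*map(to_ldif, reversed(split_policy(SAMPLE))), sep="\n")
```

Run directly, it prints the policy entry first and the user entry second, ready for review before loading with your usual LDAP tools.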